123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131 |
- /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
- #include <openssl/bio.h>
- #include <openssl/crypto.h>
- #include <openssl/ssl.h>
- #include <openssl/err.h>
- #include "ssltestlib.h"
- #include "testutil.h"
- static char *cert = NULL;
- static char *privkey = NULL;
- static unsigned int timer_cb_count;
- #define NUM_TESTS 2
- #define DUMMY_CERT_STATUS_LEN 12
- static unsigned char certstatus[] = {
- SSL3_RT_HANDSHAKE, /* Content type */
- 0xfe, 0xfd, /* Record version */
- 0, 1, /* Epoch */
- 0, 0, 0, 0, 0, 0x0f, /* Record sequence number */
- 0, DTLS1_HM_HEADER_LENGTH + DUMMY_CERT_STATUS_LEN - 2,
- SSL3_MT_CERTIFICATE_STATUS, /* Cert Status handshake message type */
- 0, 0, DUMMY_CERT_STATUS_LEN, /* Message len */
- 0, 5, /* Message sequence */
- 0, 0, 0, /* Fragment offset */
- 0, 0, DUMMY_CERT_STATUS_LEN - 2, /* Fragment len */
- 0x80, 0x80, 0x80, 0x80, 0x80,
- 0x80, 0x80, 0x80, 0x80, 0x80 /* Dummy data */
- };
- #define RECORD_SEQUENCE 10
- static unsigned int timer_cb(SSL *s, unsigned int timer_us)
- {
- ++timer_cb_count;
- if (timer_us == 0)
- return 1000000;
- else
- return 2 * timer_us;
- }
- static int test_dtls_unprocessed(int testidx)
- {
- SSL_CTX *sctx = NULL, *cctx = NULL;
- SSL *serverssl1 = NULL, *clientssl1 = NULL;
- BIO *c_to_s_fbio, *c_to_s_mempacket;
- int testresult = 0;
- timer_cb_count = 0;
- if (!TEST_true(create_ssl_ctx_pair(DTLS_server_method(),
- DTLS_client_method(),
- DTLS1_VERSION, DTLS_MAX_VERSION,
- &sctx, &cctx, cert, privkey)))
- return 0;
- if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA")))
- goto end;
- c_to_s_fbio = BIO_new(bio_f_tls_dump_filter());
- if (!TEST_ptr(c_to_s_fbio))
- goto end;
- /* BIO is freed by create_ssl_connection on error */
- if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl1, &clientssl1,
- NULL, c_to_s_fbio)))
- goto end;
- DTLS_set_timer_cb(clientssl1, timer_cb);
- if (testidx == 1)
- certstatus[RECORD_SEQUENCE] = 0xff;
- /*
- * Inject a dummy record from the next epoch. In test 0, this should never
- * get used because the message sequence number is too big. In test 1 we set
- * the record sequence number to be way off in the future. This should not
- * have an impact on the record replay protection because the record should
- * be dropped before it is marked as arrived
- */
- c_to_s_mempacket = SSL_get_wbio(clientssl1);
- c_to_s_mempacket = BIO_next(c_to_s_mempacket);
- mempacket_test_inject(c_to_s_mempacket, (char *)certstatus,
- sizeof(certstatus), 1, INJECT_PACKET_IGNORE_REC_SEQ);
- if (!TEST_true(create_ssl_connection(serverssl1, clientssl1,
- SSL_ERROR_NONE)))
- goto end;
- if (timer_cb_count == 0) {
- printf("timer_callback was not called.\n");
- goto end;
- }
- testresult = 1;
- end:
- SSL_free(serverssl1);
- SSL_free(clientssl1);
- SSL_CTX_free(sctx);
- SSL_CTX_free(cctx);
- return testresult;
- }
- int setup_tests(void)
- {
- if (!TEST_ptr(cert = test_get_argument(0))
- || !TEST_ptr(privkey = test_get_argument(1)))
- return 0;
- ADD_ALL_TESTS(test_dtls_unprocessed, NUM_TESTS);
- return 1;
- }
- void cleanup_tests(void)
- {
- bio_f_tls_dump_filter_free();
- bio_s_mempacket_test_free();
- }
|